Privacy Policy
Last updated: 5 april 2026
Need help? Contact us at info [at] easy-audit [dot] ai
Last updated: 5 april 2026
Need help? Contact us at info [at] easy-audit [dot] ai
Effective from: 01.04.2026 | Last updated: 05.04.2026
Translation Notice: This English translation was produced with the assistance of artificial intelligence (LLM) and is provided for informational purposes only. In the event of any discrepancy between the English and Slovak versions, the Slovak version shall prevail. The relationship is governed by the law of the Slovak Republic.
The legally binding version is available at: /sk/legal/privacy
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter referred to as the "GDPR Regulation") and the Slovak Personal Data Protection Act (Act No. 18/2018 Coll.) (hereinafter referred to as the "Personal Data Protection Act") impose an obligation on personal data controllers to provide data subjects with information about the purpose for which their personal data are intended, including cases where personal data are not obtained directly from the data subject.
DDN Consulting s.r.o. so sidlom Bodiky 222, Bodiky 930 31, ICO 55 879 128, zapisanej v OR SR Okresny sud Trnava, oddiel: Sro, vlozka cislo 55445/T
General contact email: [email protected]
Contact email for GDPR matters: [email protected]
When ordering and using the service, we collect:
The audit does NOT collect:
As data subjects, you have the following rights:
— the right to be informed whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary for entering into a contract, whether the data subject is obliged to provide personal data, and the possible consequences of failing to provide such data.
— the right to obtain information about the source from which personal data originate, if they were not obtained from the data subject, or information about whether the data originate from publicly accessible sources.
— the right to obtain confirmation from the controller as to whether personal data relating to the data subject are being processed. Where the controller processes personal data, the data subject has the right to access such personal data and to obtain the following information:
— the right to request access to personal data relating to the data subject from the controller — the data subject has the right to be provided with a copy of the personal data held by the controller, as well as information on how the controller uses the personal data. In most cases, personal data will be provided to the data subject in written paper form, unless the data subject requests another method of provision. If the data subject requests that the information be provided by electronic means, the information shall be provided electronically where technically feasible.
— the right to rectification of personal data — the data subject has the right to have inaccurate personal data relating to them corrected by the controller without undue delay. The data subject has the right to have incomplete personal data completed. If the data subject believes that the personal data held by the controller are inaccurate, incomplete, or outdated, they should not hesitate to request that the controller amend, update, or complete such information.
— the right to erasure of personal data (right to be forgotten) — the data subject has the right to request the controller to erase personal data, for example where the personal data obtained by the controller are no longer necessary for the original purpose of processing. The data subject cannot effectively exercise their right to erasure where the processing is necessary for the establishment, exercise, or defence of the controller's legal claims, or where the personal data are still necessary for the purposes for which they were collected or otherwise processed.
— the right to restriction of processing of personal data — under certain circumstances, the data subject is entitled to request the controller to cease using their personal data. This applies, for example, in cases where the data subject believes that the personal data processed by the controller may be inaccurate or where they believe that the controller no longer needs to use the personal data.
— the right to object to the processing of personal data — the data subject has the right to object to the processing of data that is based on the legitimate interests of the controller. Where the data subject does not have a compelling legitimate reason for the processing and lodges an objection, the controller shall no longer process the personal data.
— the right to data portability — under certain circumstances, the data subject has the right to request the controller to transfer the personal data provided to them to another third party of their choice. However, the right to portability only applies to personal data that the controller obtained from the data subject on the basis of consent or on the basis of a contract to which the data subject is a party.
— the right to withdraw consent at any time — in cases where the controller processes personal data on the basis of the data subject's consent, the data subject has the right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal; the data subject must be informed of this fact before providing consent. The data subject may withdraw consent in the same manner in which consent was given.
— the right to lodge a complaint — a data subject who claims to be directly affected in their rights (if they believe that the controller processes their personal data unfairly or unlawfully, or otherwise violates the protection of personal data) may file a motion to initiate proceedings or a complaint with the supervisory authority. The supervisory authority is: the Office for Personal Data Protection of the Slovak Republic (Urad na ochranu osobnych udajov SR), Namestie 1. maja 18, 811 06 Bratislava; if the motion is filed electronically, it must meet the requirements of administrative procedure law.
Data are NOT used for training AI models nor provided to third parties for marketing purposes.
For the controller's audit services (sections 2.2–2.7 above), the controller does not transfer personal data to third countries or to international organisations. For prospect-outreach data (see "Prospect data" below), the controller uses an email service provider, Proton AG, established in Switzerland. Switzerland is recognised by both the European Commission and the United Kingdom as ensuring an adequate level of data protection, so this transfer takes place on the basis of an adequacy decision and no additional safeguards are required.
If easyAI contacted you by email without you having given us your details directly, this section explains how we process your data and your rights, as required by Article 14 of the UK GDPR / EU GDPR.
Controller. DDN Consulting s.r.o., Bodíky 222, 930 31 Bodíky, Slovakia (IČO 55 879 128; registered with the Commercial Register of the District Court Trnava, section Sro, insert No. 55445/T), operating the easyAI brand. Data-protection contact: [email protected].
What data we hold. Your name, business role, business email address, employer, the public source where we found your details, and the role-relevant business signal that prompted our contact. We hold no special-category data.
Purpose. To make a relevant business-to-business approach about our AI Foundation Audit to the appropriate decision-maker at your organisation.
Lawful basis. Legitimate interest (Article 6(1)(f)) in relevant business-to-business direct marketing of our professional services (Recital 47). We have completed a Legitimate Interests Assessment (dated 2026-06-21); a summary is available on request.
Source. Public company websites, public professional profiles, and the UK Companies House register. Some business email addresses are derived using standard business email-pattern tools rather than copied from a published page.
Recipients. Our email service provider, Proton Mail (Proton AG), which is established in Switzerland. This is a transfer to a third country that both the European Commission and the United Kingdom recognise as providing an adequate level of data protection, so no additional safeguards are required. We do not sell or share your data.
Retention. If you do not engage, we delete or suppress your record within 6 months. If you object, we keep a minimal record (email + date + "objected") indefinitely, solely to keep honouring your objection (Art 6(1)(c) / 17(3)(b)).
Your rights. Access, rectification, erasure, restriction, portability (where applicable), and — for direct marketing — an absolute right to object. To opt out, reply "remove" to our email or contact [email protected]; we stop immediately and permanently.
Complaints. You may complain to a supervisory authority — the UK Information Commissioner's Office (ico.org.uk) or the Slovak Office for Personal Data Protection (dataprotection.gov.sk).
Automated decisions. We do not carry out automated decision-making producing legal or similarly significant effects.
(For UK recipients: UK GDPR as amended by the Data (Use and Access) Act 2025. For EU/EEA recipients: Regulation (EU) 2016/679 (GDPR).)